Back to pstotext PTS page

Accepted pstotext 1.9-3 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  5 May 2006 17:09:48 +0200
Source: pstotext
Binary: pstotext
Architecture: source i386
Version: 1.9-3
Distribution: unstable
Urgency: high
Maintainer: J.H.M. Dassen (Ray) <jdassen@debian.org>
Changed-By: J.H.M. Dassen (Ray) <jdassen@debian.org>
Description: 
 pstotext   - Extract text from PostScript and PDF files
Closes: 356988
Changes: 
 pstotext (1.9-3) unstable; urgency=high
 .
   * [main.c] Security fix. popen(3) was being used in a construct which could
     did not perform sufficient cleanup/quoting of filenames; these filenames
     could come from untrusted sources like a web indexing service and could
     thus be misused to execute shell code as the user running pstotext. The
     use of popen(3) has been replaced by an explicit fork/pipe construct
     which does not involve the use of a shell. (Closes: #356988)
   * [debian/control] Change the non-virtual package suggestion for the
     dependency on the "gs" virtual package to gs-gpl as gs-aladdin has become
     a transitional package.
   * [debian/control] Updated Standards-Version.
Files: 
 1a601f83c3461e09af5d08546fe73424 554 text optional pstotext_1.9-3.dsc
 537914be4b8e09203b0020262be4404e 9045 text optional pstotext_1.9-3.diff.gz
 4c3447207f721bcde1afe116ce1f89f4 32604 text optional pstotext_1.9-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEW24TIwmOUm50p9ERAnb9AKCh/djALjSnFy+jGRPtROC4U7hVHwCg6VRP
jMAzbBlAmSkZZMORwk/DZX4=
=VIKG
-----END PGP SIGNATURE-----


Accepted:
pstotext_1.9-3.diff.gz
  to pool/main/p/pstotext/pstotext_1.9-3.diff.gz
pstotext_1.9-3.dsc
  to pool/main/p/pstotext/pstotext_1.9-3.dsc
pstotext_1.9-3_i386.deb
  to pool/main/p/pstotext/pstotext_1.9-3_i386.deb